The transition to and adoption of electronic health records is not as violent as Hurricane Sandy, but it could be equally as painful. The effects of the HITECH Act will last long after the recovery from Hurricane Sandy.

In recognition of the HITECH Act disruption to the medical community, the government is offering some assistance. CMS and the HITECH Act provides incentive money to health care providers who accept Medicareor Medicaid and also adopt electronic health records or EHR / EMR software..

Office of the National Coordinator for Health Information Technology (ONC) certified electronic medical record systems have demonstrated the capability to meet all of the meaningful use stage 1 criteria.

The core meaningful use measure :” Protect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities” addresses HIPAA laws.

The certified EMR software will comply with the HIPAA laws. But EMR technology is not the total solution for meeting this meaningful use requirement.

Many EMR vendors tell the eligible professional that they don’t have to worry about compliance with HIPAA laws…Just let the EMR software handle the HIPAA requirement.

WRONG!

Healthcare and HIPAA Risk Management

In addition to the software compliance, HIPAA regulations also require health care providers to do a HIPAA risk assessment. Neglecting the risk assessment makes you vulnerable to criminal and hefty financial penalties for HIPAA violations.

There is lots of talk about the HIPAA privacy policy. But there are HIPAA regulations about the security of patient data. Catastrophes like Hurricane Sandy and the follow on Nor’easter represent data security risks.

You must have a contingency plan that is documented. It should contain things like an emergency mode operation plan and disaster recovery plan.

So don’t forget about the HIPAA security rule and EHR security issues.

If you get attest to meaningful use and receive HITECH Act incentive money from the Centers for Medicare and Medicaid Services (CMS) , you better be telling the truth. Providers receiving incentive payments are 40% more likely to be audited.

Will you be ready?

Documentation is key to the basic survival and smooth operation of your medical practice – whether you have electronic medical health records or not. Workflow documentation is required!

You can’t assume everyone in your office knows and remembers what to do.

You need to prepare yourself for turnover and re-training of your staff.

And it helps to be clear on roles and responsibilities.

** Key to passing the HIPAA risk assessment and a HIPAA audit is documentation of your policies and procedures. **

** Key to having a successful EMR implementation is workflow documentation.**

The HITECH Act provides a couple of compelling reasons to follow HIPAA laws and “put it in writing!”